Monday, January 23, 2012

Update 04.12.2012: Video of the presentation embedded below.

Ten years ago if you would have told me that I'd be back living in Hawaii, founder of a fast growing technology company, and a TED speaker -- I would've said, "What's a TED?" Preparing for TEDxMaui was extremely difficult. The presentation format is completely different than anything I’ve ever done before. It was limited to just 18 minutes as opposed to 50, and given to an audience of everyday people eager to see something amazing, instead of security professionals and high-tech workers. The message had to be crystal clear. Since TEDxMaui videos won’t be published until late February, you’ll have to settle for my substandard textual description for now.

I wanted everyone, both the viewers in the audience and those who would eventually watch the video, to deeply appreciate the crucial importance of Internet security. I want everyone to know that to discuss Internet security is really to discuss our economic well-being and our national security, and I want everyone to know that both are under attack -- every single day. Most of all I wanted everyone to know that hacking, and people learning how to hack, is absolutely essential to defend ourselves. I labelled this concept Hack Yourself First, the title of the presentation. Hack Yourself First advocates building up our cyber-offense skills, and focusing these skills inward at ourselves, to find and fix security issues before the bad guys find and exploit them.

Before presenting Hack Yourself First I had to first imagine how the audience would respond. Most watching undoubtedly have only had negative experiences with the words “hacking” and “hackers.” All they likely knew of hacking is in relation to viruses infecting their computers, stealing money out of (their) bank accounts, TV interviews of shadowy characters wearing Guy Fawkes masks, salacious articles featuring cyber villains, and of course bad Hollywood movies. Whether we like it or not, these are the ambassadors of hacking, so the idea of teaching cyber-offense skills might be considered akin to illegal activity. Just the same, there I was on stage revealing that, “Yes, I am a hacker -- but not like them.”

I don’t know what precisely it was that I said, but the message of Hack Yourself First undoubtedly resonated in a big way. No less than a hundred people introduced themselves to me afterwards excitedly asking, “How do I learn to hack myself first?” Perhaps I shouldn’t have been, but I was blown away. And not just the very young or student age, I’m talking about people 45 up to 70 years old with zero technology background. Maybe it was because I taught them a simple hacking trick, a simple hacking trick they could grasp, and even do, like those from my “Get Rich or Die Trying” presentation. Suddenly the fascinating subject of hacking, which they previously assumed was too complicated to learn, was approachable. I taught a TED audience how to hack! How cool is that!? :)

Many in the information security industry have been trying desperately and in vain to raise Internet security awareness among the masses. We repeatedly give people laundry lists of what not to do, and it isn’t helping. Better awareness, better overall Internet security, could be accomplished through Hack Yourself First. Teach anyone and everyone who wants to learn how to do the actual attacks the bad guys use against them, perhaps packaged up in a Capture-the-Flag format. That would be a lot of fun for everyone. When people know precisely how hacking works, they’ll be in a better position to spot attacks against them and be on their guard.

I came to TEDxMaui to share my ideas with a wider audience, but what I came away with was more ideas from them about where we can take Hack Yourself First.

About Me

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!